Title of invention: Tunable encryption system
Abstract: A method, programmed medium and system are provided for enabling a user to choose a user-preferred encryption type from among a plurality of encryption types listed in a user's Kerberos configuration file. During the ticket granting process in a Kerberos system, a user is requested to select a preferred encryption type to be used in the Kerberos communication from among encryption types contained in the user's Kerberos configuration file. The user-selected encryption type is then implemented for use in encrypting a session ticket (as well as generating the session key of the user-requested encryption type) for use by the user machine in communicating securely with a Kerberized application server when being communicated by that particular user. Thus, the system allows different users to simultaneously communicate with the same Kerberized application server using a supported encryption type of the user's own choice.
Publication number: US8756429(B2) Publication date: 2014.06.17
Application number: US200812248982 Filing date: 2008.10.10
Applicant: International Business Machines Corporation Inventors: Banerjee, Jr. Dwip N.; Patil Sandeep Ramesh; Chandrakant Punadikar Sachin; Shankar Ravi A.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent: Mims, Jr. David A.; Wilder Robert V.
Main claim: 1. A method for processing a secure communication between a user machine and an application server, said method comprising: enabling a first user to choose a first encryption type from among a plurality of encryption types listed in a Kerberos configuration file; associating said first user with said first encryption type; storing said first encryption type and said first user associated with said first encryption type on a server side in a Kerberos registry; enabling a second user to choose a second encryption type from among said plurality of encryption types listed in said Kerberos configuration file; associating said second user with said second encryption type; storing said second encryption type and said second user associated with said second encryption type on said server side in said Kerberos registry; and using said first and second encryption types in encrypting session tickets for use by said first and second users, respectively, in communicating securely between said user machine and said application server whereby different users are enabled to use different encryption types from said user machine, wherein said first and second encryption types are implemented for use in encrypting session keys for said first and second users, and wherein said first and second encryption types are implemented for use in encrypting session tickets for communication between said first and second users on said user machine and said application server.
Address: Armonk NY US